Improve test coverage

2026-02-27 18:50:28 +01:00 · 2026-02-27 18:50:28 +01:00 · 1cd7fb659a
commit 1cd7fb659a
parent ccc00d8e80
5 changed files with 130 additions and 26 deletions
--- a/IdentityShroud.Core.Tests/Helpers/Base64UrlConverterTests.cs
+++ b/IdentityShroud.Core.Tests/Helpers/Base64UrlConverterTests.cs
@ -0,0 +1,36 @@
+using System.Text;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+using IdentityShroud.Core.Helpers;
+
+namespace IdentityShroud.Core.Tests.Helpers;
+
+public class Base64UrlConverterTests
+{
+    internal class Data
+    {
+        [JsonConverter(typeof(Base64UrlConverter))]
+        public byte[]? X { get; set; }
+    }
+
+    [Fact]
+    public void Serialize()
+    {
+        Data d = new() { X = ">>>???"u8.ToArray() };
+        string s = JsonSerializer.Serialize(d);
+
+        Assert.Contains("\"Pj4-Pz8_\"", s);
+    }
+    
+    [Fact]
+    public void Deerialize()
+    {
+        var jsonstring = """
+            { "X": "Pj4-Pz8_" }
+            """;
+        var d = JsonSerializer.Deserialize<Data>(jsonstring);
+
+        Assert.Equal(">>>???", Encoding.UTF8.GetString(d.X)); 
+    }
+    
+}
--- a/IdentityShroud.Core.Tests/Services/DataEncryptionServiceTests.cs
+++ b/IdentityShroud.Core.Tests/Services/DataEncryptionServiceTests.cs
@ -0,0 +1,64 @@
+using System.Security.Cryptography;
+using IdentityShroud.Core.Contracts;
+using IdentityShroud.Core.Model;
+using IdentityShroud.Core.Security;
+using IdentityShroud.Core.Services;
+using IdentityShroud.TestUtils.Substitutes;
+
+namespace IdentityShroud.Core.Tests.Services;
+
+public class DataEncryptionServiceTests
+{
+    private readonly IRealmContext _realmContext = Substitute.For<IRealmContext>();
+    private readonly IDekEncryptionService _dekCryptor = new NullDekEncryptionService();// Substitute.For<IDekEncryptionService>();
+
+    private readonly DekId _activeDekId = DekId.NewId();
+    private readonly DekId _secondDekId = DekId.NewId();
+    private DataEncryptionService CreateSut()
+        => new(_realmContext, _dekCryptor);
+
+    [Fact]
+    public void Encrypt_UsesActiveKey()
+    {
+        _realmContext.GetDeks(Arg.Any<CancellationToken>()).Returns([
+            CreateRealmDek(_secondDekId, false),
+            CreateRealmDek(_activeDekId, true),
+        ]);
+
+        var cipher = CreateSut().Encrypt("Hello"u8);
+        
+        Assert.Equal(_activeDekId, cipher.DekId);
+    }
+
+    [Fact]
+    public void Decrypt_UsesCorrectKey()
+    {
+        var first = CreateRealmDek(_activeDekId, true);
+        _realmContext.GetDeks(Arg.Any<CancellationToken>()).Returns([ first ]);
+
+        var sut = CreateSut();
+        var cipher = sut.Encrypt("Hello"u8);
+
+        // Deactivate original key
+        first.Active = false;
+        // Make new active
+        var second = CreateRealmDek(_secondDekId, true);
+        // Return both
+        _realmContext.GetDeks(Arg.Any<CancellationToken>()).Returns([ first, second ]);
+
+
+        var decoded = sut.Decrypt(cipher);
+
+        Assert.Equal("Hello"u8, decoded);
+    }
+    
+    private RealmDek CreateRealmDek(DekId id, bool active)
+        => new()
+        {
+            Id = id,
+            Active = active,
+            Algorithm = "AES",
+            KeyData = new(KekId.NewId(), RandomNumberGenerator.GetBytes(32)),
+            RealmId = default,
+        };
+}